To maintain the highest security standards and promote the protection of your data, Zuora will disable support for Weak SSL Ciphers on Zuora endpoints. Disabling weak SSL Ciphers is one of many steps towards ensuring Zuora endpoints are protected against potential high risk vulnerabilities.

When will these changes take effect?

These changes will be rolled into both Sandbox and US Production environments on the following timeline:

API Sandbox: Between July 5, 2018 and July 10

US Production: September 17, 2018. New date: Jan 9, 2019

It may take several hours for the changes to propagate through Akamai's systems and converge, once the changes are applied.

No action is required on the customer side. Zuora is removing support for SSL Ciphers from the selections within the TLS 1.1 and TLS 1.2 protocols. By removing ciphers from each TLS protocol suite, the negotiations that occur to build a secure session utilize the other ciphers automatically. These negotiations are automatic, happen each time a new TLS session is created, and are invisible to the applications that are requesting the TLS session.

I can see that TLS_RSA_WITH_AES_256_GCM_SHA384 with TLS 1.2 is still available in the list of ciphers on the URL you gave us, but it is also said on this page that "TLSv1.2 256 bits AES256-GCM-SHA384" is going to be removed.

Whichever it is going to be, could you confirm, and if it is going to be removed, give us the date it is going to be removed in the sandbox for us to start testing please?

Apologies for the delay. After some prior discussion with our Engineering teams, we have decided to keep the TLS_RSA_WITH_AES_256_GCM_SHA384 cipher. Confirming it will NOT be removed and I have edited the original post to strikethrough

Apologies for the lack of updates on this thread. The collective leadership here at Zuora made the call to delay this deployment due to scheduling issues and feedback from our customers. The new date for production is Jan 9, 2019, which is reflected on the original post. Sandbox deployment has already been completed.
